[Snyk] Fix for 4 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	611/1000 Why? Recently disclosed, Has a fix available, CVSS 6.5	Authorization Bypass Through User-Controlled Key SNYK-JS-PARSEPATH-2936439	Yes	No Known Exploit
	663/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) SNYK-JS-PARSEURL-2935944	Yes	Proof of Concept
	633/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 4.8	Information Exposure SNYK-JS-PARSEURL-2935947	Yes	Proof of Concept
	863/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 9.4	Server-side Request Forgery (SSRF) SNYK-JS-PARSEURL-2936249	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @semantic-release/release-notes-generator

The new version differs by 11 commits.

• 7243769 fix: remove dependency to `git-url-parse`
• 5c3c9b5 docs: correct npm install command
• b33cb95 fix(package): update into-stream to version 4.0.0
• 8c0af24 docs: harmonize docs with other plugins
• a3d4c95 feat: export as an object with `generateNotes` step
• a207dce chore(package): update commitizen to version 3.0.0
• af5860f fix(package): update debug to version 4.0.0
• 6f3807b chore(package): update xo to version 0.23.0
• 1f90e46 fix(package): update get-stream to version 4.0.0
• a859529 chore(package): update xo to version 0.22.0
• 88b7644 feat: use `cwd` and `env` options passed by core

See the full diff

Package name: git-url-parse

The new version differs by 17 commits.

• 6e2d22e Updated docs
• ad81d24 ⬆️ 11.0.0 🎉
• fc916a8 Updated docs
• 6373590 Merge branch 'master' of https://github.com/vedranjukic/git-url-parse into new-version
• 7181411 ⬆️ 10.1.0 🎉
• bdd494b ⬆️ 10.0.2 🎉
• 62d17d0 commit url support
• c66bd99 Updated docs
• c504b8a ⬆️ 10.0.0 🎉
• 30d77e0 ⬆️ 9.0.2 🎉
• b960f1f Updated docs
• b60f0ba ⬆️ 10.0.0 🎉
• 1912236 Merge branch 'fix-source-2parts-sld' of https://github.com/pvdlg/git-url-parse into new-version
• 67ae07c ⬆️ 9.0.2 🎉
• 13dae80 Fix parsing of `source` with 2 parts SLD
• e58ee36 Revert "Fix issue Decouple version determiner from npm registry semantic-release/semantic-release#56"
• c4dfff9 Revert "Fix Write a dont-break verifyRelease plugin semantic-release/semantic-release#65. Check if the parsed resource is not null."

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)
🦉 Server-side Request Forgery (SSRF)